Doc: variable cilium_ipsec_key must be base64 encoded (#10781)

Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
kubernetes-sigs · Jan 22, 2024 · a2ed5fc · a2ed5fc
1 parent 6497ecc
commit a2ed5fc
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/docs/cilium.md b/docs/cilium.md
@@ -141,15 +141,19 @@ cilium_encryption_enabled: true
 cilium_encryption_type: "ipsec"
 ```
 
-The third variable is `cilium_ipsec_key.` You need to create a secret key string for this variable.
+The third variable is `cilium_ipsec_key`. You need to create a secret key string for this variable.
 Kubespray does not automate this process.
 Cilium documentation currently recommends creating a key using the following command:
 
 ```shell
 echo "3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128"
 ```
 
-Note that Kubespray handles secret creation. So you only need to pass the key as the `cilium_ipsec_key` variable.
+Note that Kubespray handles secret creation. So you only need to pass the key as the `cilium_ipsec_key` variable, base64 encoded:
+
+```shell
+echo "cilium_ipsec_key: "$(echo -n "3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128" | base64 -w0)
+```
 
 ### Wireguard Encryption